wok-next diff cyrus-sasl/stuff/patches/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch @ rev 20443
The rest of my "home work" for update many packages (up to Xorg, GTK and Openbox) for Next and mainly for Next64. Since this point this repository is open for commits. Many errors are expected due to harfbuzz-freetype dependency loop...
| author | Aleksej Bobylev <al.bobylev@gmail.com> |
|---|---|
| date | Sat Feb 24 16:17:33 2018 +0200 (2018-02-24) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/cyrus-sasl/stuff/patches/cyrus-sasl-2.1.26-openssl-1.1.0-1.patch Sat Feb 24 16:17:33 2018 +0200 1.3 @@ -0,0 +1,447 @@ 1.4 +Submitted By: DJ Lucas <dj_AT_linuxfromscratch_DOT_org> 1.5 +Date: 2017-05-27 1.6 +Initial Package Version: 2.1.26 1.7 +Upstream Status: Comitted 1.8 +Origin: https://github.com/cyrusimap/cyrus-sasl/commit/f607d99bf6e3e2074ab925f96765488f29b821ec 1.9 + https://github.com/cyrusimap/cyrus-sasl/commit/4c8e3f24bb943386a67b4de65bb849f562499dd0 1.10 + https://github.com/cyrusimap/cyrus-sasl/commit/652334b7701e9394b195d33183cb7ccd916296e8 1.11 + https://github.com/cyrusimap/cyrus-sasl/commit/4f3c6beac5a6db053f1d1309353fde6e653d026c 1.12 + https://github.com/cyrusimap/cyrus-sasl/commit/68fac2fb7166cb482a405f6c6613bce4c982a77e 1.13 +Description: Allow to build with OpenSSL-1.1.0. 1.14 + 1.15 + 1.16 +diff -Naurp cyrus-sasl-2.1.26-orig/plugins/ntlm.c cyrus-sasl-2.1.26/plugins/ntlm.c 1.17 +--- cyrus-sasl-2.1.26-orig/plugins/ntlm.c 2012-01-27 17:31:36.000000000 -0600 1.18 ++++ cyrus-sasl-2.1.26/plugins/ntlm.c 2017-05-26 23:42:19.293372476 -0500 1.19 +@@ -417,6 +417,29 @@ static unsigned char *P24(unsigned char 1.20 + return P24; 1.21 + } 1.22 + 1.23 ++static HMAC_CTX *_plug_HMAC_CTX_new(const sasl_utils_t *utils) 1.24 ++{ 1.25 ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_new()"); 1.26 ++ 1.27 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L 1.28 ++ return HMAC_CTX_new(); 1.29 ++#else 1.30 ++ return utils->malloc(sizeof(HMAC_CTX)); 1.31 ++#endif 1.32 ++} 1.33 ++ 1.34 ++static void _plug_HMAC_CTX_free(HMAC_CTX *ctx, const sasl_utils_t *utils) 1.35 ++{ 1.36 ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_HMAC_CTX_free()"); 1.37 ++ 1.38 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L 1.39 ++ HMAC_CTX_free(ctx); 1.40 ++#else 1.41 ++ HMAC_cleanup(ctx); 1.42 ++ utils->free(ctx); 1.43 ++#endif 1.44 ++} 1.45 ++ 1.46 + static unsigned char *V2(unsigned char *V2, sasl_secret_t *passwd, 1.47 + const char *authid, const char *target, 1.48 + const unsigned char *challenge, 1.49 +@@ -424,7 +447,7 @@ static unsigned char *V2(unsigned char * 1.50 + const sasl_utils_t *utils, 1.51 + char **buf, unsigned *buflen, int *result) 1.52 + { 1.53 +- HMAC_CTX ctx; 1.54 ++ HMAC_CTX *ctx = NULL; 1.55 + unsigned char hash[EVP_MAX_MD_SIZE]; 1.56 + char *upper; 1.57 + unsigned int len; 1.58 +@@ -435,6 +458,10 @@ static unsigned char *V2(unsigned char * 1.59 + SETERROR(utils, "cannot allocate NTLMv2 hash"); 1.60 + *result = SASL_NOMEM; 1.61 + } 1.62 ++ else if ((ctx = _plug_HMAC_CTX_new(utils)) == NULL) { 1.63 ++ SETERROR(utils, "cannot allocate HMAC CTX"); 1.64 ++ *result = SASL_NOMEM; 1.65 ++ } 1.66 + else { 1.67 + /* NTLMv2hash = HMAC-MD5(NTLMhash, unicode(ucase(authid + domain))) */ 1.68 + P16_nt(hash, passwd, utils, buf, buflen, result); 1.69 +@@ -449,17 +476,18 @@ static unsigned char *V2(unsigned char * 1.70 + HMAC(EVP_md5(), hash, MD4_DIGEST_LENGTH, *buf, 2 * len, hash, &len); 1.71 + 1.72 + /* V2 = HMAC-MD5(NTLMv2hash, challenge + blob) + blob */ 1.73 +- HMAC_Init(&ctx, hash, len, EVP_md5()); 1.74 +- HMAC_Update(&ctx, challenge, NTLM_NONCE_LENGTH); 1.75 +- HMAC_Update(&ctx, blob, bloblen); 1.76 +- HMAC_Final(&ctx, V2, &len); 1.77 +- HMAC_cleanup(&ctx); 1.78 ++ HMAC_Init_ex(ctx, hash, len, EVP_md5(), NULL); 1.79 ++ HMAC_Update(ctx, challenge, NTLM_NONCE_LENGTH); 1.80 ++ HMAC_Update(ctx, blob, bloblen); 1.81 ++ HMAC_Final(ctx, V2, &len); 1.82 + 1.83 + /* the blob is concatenated outside of this function */ 1.84 + 1.85 + *result = SASL_OK; 1.86 + } 1.87 + 1.88 ++ if (ctx) _plug_HMAC_CTX_free(ctx, utils); 1.89 ++ 1.90 + return V2; 1.91 + } 1.92 + 1.93 +diff -Naurp cyrus-sasl-2.1.26-orig/plugins/otp.c cyrus-sasl-2.1.26/plugins/otp.c 1.94 +--- cyrus-sasl-2.1.26-orig/plugins/otp.c 2012-10-12 09:05:48.000000000 -0500 1.95 ++++ cyrus-sasl-2.1.26/plugins/otp.c 2017-05-26 23:42:19.293372476 -0500 1.96 +@@ -96,6 +96,28 @@ static algorithm_option_t algorithm_opti 1.97 + {NULL, 0, NULL} 1.98 + }; 1.99 + 1.100 ++static EVP_MD_CTX *_plug_EVP_MD_CTX_new(const sasl_utils_t *utils) 1.101 ++{ 1.102 ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_new()"); 1.103 ++ 1.104 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L 1.105 ++ return EVP_MD_CTX_new(); 1.106 ++#else 1.107 ++ return utils->malloc(sizeof(EVP_MD_CTX)); 1.108 ++#endif 1.109 ++} 1.110 ++ 1.111 ++static void _plug_EVP_MD_CTX_free(EVP_MD_CTX *ctx, const sasl_utils_t *utils) 1.112 ++{ 1.113 ++ utils->log(NULL, SASL_LOG_DEBUG, "_plug_EVP_MD_CTX_free()"); 1.114 ++ 1.115 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L 1.116 ++ EVP_MD_CTX_free(ctx); 1.117 ++#else 1.118 ++ utils->free(ctx); 1.119 ++#endif 1.120 ++} 1.121 ++ 1.122 + /* Convert the binary data into ASCII hex */ 1.123 + void bin2hex(unsigned char *bin, int binlen, char *hex) 1.124 + { 1.125 +@@ -116,17 +138,16 @@ void bin2hex(unsigned char *bin, int bin 1.126 + * swabbing bytes if necessary. 1.127 + */ 1.128 + static void otp_hash(const EVP_MD *md, char *in, size_t inlen, 1.129 +- unsigned char *out, int swab) 1.130 ++ unsigned char *out, int swab, EVP_MD_CTX *mdctx) 1.131 + { 1.132 +- EVP_MD_CTX mdctx; 1.133 +- char hash[EVP_MAX_MD_SIZE]; 1.134 ++ unsigned char hash[EVP_MAX_MD_SIZE]; 1.135 + unsigned int i; 1.136 + int j; 1.137 + unsigned hashlen; 1.138 + 1.139 +- EVP_DigestInit(&mdctx, md); 1.140 +- EVP_DigestUpdate(&mdctx, in, inlen); 1.141 +- EVP_DigestFinal(&mdctx, hash, &hashlen); 1.142 ++ EVP_DigestInit(mdctx, md); 1.143 ++ EVP_DigestUpdate(mdctx, in, inlen); 1.144 ++ EVP_DigestFinal(mdctx, hash, &hashlen); 1.145 + 1.146 + /* Fold the result into 64 bits */ 1.147 + for (i = OTP_HASH_SIZE; i < hashlen; i++) { 1.148 +@@ -149,7 +170,9 @@ static int generate_otp(const sasl_utils 1.149 + char *secret, char *otp) 1.150 + { 1.151 + const EVP_MD *md; 1.152 +- char *key; 1.153 ++ EVP_MD_CTX *mdctx = NULL; 1.154 ++ char *key = NULL; 1.155 ++ int r = SASL_OK; 1.156 + 1.157 + if (!(md = EVP_get_digestbyname(alg->evp_name))) { 1.158 + utils->seterror(utils->conn, 0, 1.159 +@@ -157,23 +180,32 @@ static int generate_otp(const sasl_utils 1.160 + return SASL_FAIL; 1.161 + } 1.162 + 1.163 ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { 1.164 ++ SETERROR(utils, "cannot allocate MD CTX"); 1.165 ++ r = SASL_NOMEM; 1.166 ++ goto done; 1.167 ++ } 1.168 ++ 1.169 + if ((key = utils->malloc(strlen(seed) + strlen(secret) + 1)) == NULL) { 1.170 + SETERROR(utils, "cannot allocate OTP key"); 1.171 +- return SASL_NOMEM; 1.172 ++ r = SASL_NOMEM; 1.173 ++ goto done; 1.174 + } 1.175 + 1.176 + /* initial step */ 1.177 + strcpy(key, seed); 1.178 + strcat(key, secret); 1.179 +- otp_hash(md, key, strlen(key), otp, alg->swab); 1.180 ++ otp_hash(md, key, strlen(key), otp, alg->swab, mdctx); 1.181 + 1.182 + /* computation step */ 1.183 + while (seq-- > 0) 1.184 +- otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab); 1.185 +- 1.186 +- utils->free(key); 1.187 ++ otp_hash(md, otp, OTP_HASH_SIZE, otp, alg->swab, mdctx); 1.188 ++ 1.189 ++ done: 1.190 ++ if (key) utils->free(key); 1.191 ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); 1.192 + 1.193 +- return SASL_OK; 1.194 ++ return r; 1.195 + } 1.196 + 1.197 + static int parse_challenge(const sasl_utils_t *utils, 1.198 +@@ -693,7 +725,8 @@ static int strptrcasecmp(const void *arg 1.199 + 1.200 + /* Convert the 6 words into binary data */ 1.201 + static int word2bin(const sasl_utils_t *utils, 1.202 +- char *words, unsigned char *bin, const EVP_MD *md) 1.203 ++ char *words, unsigned char *bin, const EVP_MD *md, 1.204 ++ EVP_MD_CTX *mdctx) 1.205 + { 1.206 + int i, j; 1.207 + char *c, *word, buf[OTP_RESPONSE_MAX+1]; 1.208 +@@ -752,13 +785,12 @@ static int word2bin(const sasl_utils_t * 1.209 + 1.210 + /* alternate dictionary */ 1.211 + if (alt_dict) { 1.212 +- EVP_MD_CTX mdctx; 1.213 +- char hash[EVP_MAX_MD_SIZE]; 1.214 +- int hashlen; 1.215 ++ unsigned char hash[EVP_MAX_MD_SIZE]; 1.216 ++ unsigned hashlen; 1.217 + 1.218 +- EVP_DigestInit(&mdctx, md); 1.219 +- EVP_DigestUpdate(&mdctx, word, strlen(word)); 1.220 +- EVP_DigestFinal(&mdctx, hash, &hashlen); 1.221 ++ EVP_DigestInit(mdctx, md); 1.222 ++ EVP_DigestUpdate(mdctx, word, strlen(word)); 1.223 ++ EVP_DigestFinal(mdctx, hash, &hashlen); 1.224 + 1.225 + /* use lowest 11 bits */ 1.226 + x = ((hash[hashlen-2] & 0x7) << 8) | hash[hashlen-1]; 1.227 +@@ -802,6 +834,7 @@ static int verify_response(server_contex 1.228 + char *response) 1.229 + { 1.230 + const EVP_MD *md; 1.231 ++ EVP_MD_CTX *mdctx = NULL; 1.232 + char *c; 1.233 + int do_init = 0; 1.234 + unsigned char cur_otp[OTP_HASH_SIZE], prev_otp[OTP_HASH_SIZE]; 1.235 +@@ -815,6 +848,11 @@ static int verify_response(server_contex 1.236 + return SASL_FAIL; 1.237 + } 1.238 + 1.239 ++ if ((mdctx = _plug_EVP_MD_CTX_new(utils)) == NULL) { 1.240 ++ SETERROR(utils, "cannot allocate MD CTX"); 1.241 ++ return SASL_NOMEM; 1.242 ++ } 1.243 ++ 1.244 + /* eat leading whitespace */ 1.245 + c = response; 1.246 + while (isspace((int) *c)) c++; 1.247 +@@ -824,7 +862,7 @@ static int verify_response(server_contex 1.248 + r = hex2bin(c+strlen(OTP_HEX_TYPE), cur_otp, OTP_HASH_SIZE); 1.249 + } 1.250 + else if (!strncasecmp(c, OTP_WORD_TYPE, strlen(OTP_WORD_TYPE))) { 1.251 +- r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md); 1.252 ++ r = word2bin(utils, c+strlen(OTP_WORD_TYPE), cur_otp, md, mdctx); 1.253 + } 1.254 + else if (!strncasecmp(c, OTP_INIT_HEX_TYPE, 1.255 + strlen(OTP_INIT_HEX_TYPE))) { 1.256 +@@ -834,7 +872,7 @@ static int verify_response(server_contex 1.257 + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, 1.258 + strlen(OTP_INIT_WORD_TYPE))) { 1.259 + do_init = 1; 1.260 +- r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md); 1.261 ++ r = word2bin(utils, c+strlen(OTP_INIT_WORD_TYPE), cur_otp, md, mdctx); 1.262 + } 1.263 + else { 1.264 + SETERROR(utils, "unknown OTP extended response type"); 1.265 +@@ -843,14 +881,15 @@ static int verify_response(server_contex 1.266 + } 1.267 + else { 1.268 + /* standard response, try word first, and then hex */ 1.269 +- r = word2bin(utils, c, cur_otp, md); 1.270 ++ r = word2bin(utils, c, cur_otp, md, mdctx); 1.271 + if (r != SASL_OK) 1.272 + r = hex2bin(c, cur_otp, OTP_HASH_SIZE); 1.273 + } 1.274 + 1.275 + if (r == SASL_OK) { 1.276 + /* do one more hash (previous otp) and compare to stored otp */ 1.277 +- otp_hash(md, cur_otp, OTP_HASH_SIZE, prev_otp, text->alg->swab); 1.278 ++ otp_hash(md, (char *) cur_otp, OTP_HASH_SIZE, 1.279 ++ prev_otp, text->alg->swab, mdctx); 1.280 + 1.281 + if (!memcmp(prev_otp, text->otp, OTP_HASH_SIZE)) { 1.282 + /* update the secret with this seq/otp */ 1.283 +@@ -879,23 +918,28 @@ static int verify_response(server_contex 1.284 + *new_resp++ = '\0'; 1.285 + } 1.286 + 1.287 +- if (!(new_chal && new_resp)) 1.288 +- return SASL_BADAUTH; 1.289 ++ if (!(new_chal && new_resp)) { 1.290 ++ r = SASL_BADAUTH; 1.291 ++ goto done; 1.292 ++ } 1.293 + 1.294 + if ((r = parse_challenge(utils, new_chal, &alg, &seq, seed, 1)) 1.295 + != SASL_OK) { 1.296 +- return r; 1.297 ++ goto done; 1.298 + } 1.299 + 1.300 +- if (seq < 1 || !strcasecmp(seed, text->seed)) 1.301 +- return SASL_BADAUTH; 1.302 ++ if (seq < 1 || !strcasecmp(seed, text->seed)) { 1.303 ++ r = SASL_BADAUTH; 1.304 ++ goto done; 1.305 ++ } 1.306 + 1.307 + /* find the MDA */ 1.308 + if (!(md = EVP_get_digestbyname(alg->evp_name))) { 1.309 + utils->seterror(utils->conn, 0, 1.310 + "OTP algorithm %s is not available", 1.311 + alg->evp_name); 1.312 +- return SASL_BADAUTH; 1.313 ++ r = SASL_BADAUTH; 1.314 ++ goto done; 1.315 + } 1.316 + 1.317 + if (!strncasecmp(c, OTP_INIT_HEX_TYPE, strlen(OTP_INIT_HEX_TYPE))) { 1.318 +@@ -903,7 +947,7 @@ static int verify_response(server_contex 1.319 + } 1.320 + else if (!strncasecmp(c, OTP_INIT_WORD_TYPE, 1.321 + strlen(OTP_INIT_WORD_TYPE))) { 1.322 +- r = word2bin(utils, new_resp, new_otp, md); 1.323 ++ r = word2bin(utils, new_resp, new_otp, md, mdctx); 1.324 + } 1.325 + 1.326 + if (r == SASL_OK) { 1.327 +@@ -914,7 +958,10 @@ static int verify_response(server_contex 1.328 + memcpy(text->otp, new_otp, OTP_HASH_SIZE); 1.329 + } 1.330 + } 1.331 +- 1.332 ++ 1.333 ++ done: 1.334 ++ if (mdctx) _plug_EVP_MD_CTX_free(mdctx, utils); 1.335 ++ 1.336 + return r; 1.337 + } 1.338 + 1.339 +diff -Naurp cyrus-sasl-2.1.26-orig/saslauthd/lak.c cyrus-sasl-2.1.26/saslauthd/lak.c 1.340 +--- cyrus-sasl-2.1.26-orig/saslauthd/lak.c 2012-10-12 09:05:48.000000000 -0500 1.341 ++++ cyrus-sasl-2.1.26/saslauthd/lak.c 2017-05-26 23:42:19.293372476 -0500 1.342 +@@ -61,6 +61,35 @@ 1.343 + #include <sasl.h> 1.344 + #include "lak.h" 1.345 + 1.346 ++#if OPENSSL_VERSION_NUMBER < 0x10100000L 1.347 ++static EVP_MD_CTX *EVP_MD_CTX_new(void) 1.348 ++{ 1.349 ++ return EVP_MD_CTX_create(); 1.350 ++} 1.351 ++static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) 1.352 ++{ 1.353 ++ if (ctx == NULL) 1.354 ++ return; 1.355 ++ 1.356 ++ EVP_MD_CTX_destroy(ctx); 1.357 ++} 1.358 ++ 1.359 ++static EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) 1.360 ++{ 1.361 ++ EVP_ENCODE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); 1.362 ++ 1.363 ++ if (ctx != NULL) { 1.364 ++ memset(ctx, 0, sizeof(*ctx)); 1.365 ++ } 1.366 ++ return ctx; 1.367 ++} 1.368 ++static void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) 1.369 ++{ 1.370 ++ OPENSSL_free(ctx); 1.371 ++ return; 1.372 ++} 1.373 ++#endif 1.374 ++ 1.375 + typedef struct lak_auth_method { 1.376 + int method; 1.377 + int (*check) (LAK *lak, const char *user, const char *service, const char *realm, const char *password) ; 1.378 +@@ -1715,20 +1744,28 @@ static int lak_base64_decode( 1.379 + 1.380 + int rc, i, tlen = 0; 1.381 + char *text; 1.382 +- EVP_ENCODE_CTX EVP_ctx; 1.383 ++ EVP_ENCODE_CTX *enc_ctx = EVP_ENCODE_CTX_new(); 1.384 + 1.385 +- text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); 1.386 + if (text == NULL) 1.387 + return LAK_NOMEM; 1.388 + 1.389 +- EVP_DecodeInit(&EVP_ctx); 1.390 +- rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (char *)src, strlen(src)); 1.391 ++ text = (char *)malloc(((strlen(src)+3)/4 * 3) + 1); 1.392 ++ if (text == NULL) { 1.393 ++ EVP_ENCODE_CTX_free(enc_ctx); 1.394 ++ return LAK_NOMEM; 1.395 ++ } 1.396 ++ 1.397 ++ EVP_DecodeInit(enc_ctx); 1.398 ++ rc = EVP_DecodeUpdate(enc_ctx, (unsigned char *) text, &i, (const unsigned char *)src, strlen(src)); 1.399 + if (rc < 0) { 1.400 ++ EVP_ENCODE_CTX_free(enc_ctx); 1.401 + free(text); 1.402 + return LAK_FAIL; 1.403 + } 1.404 + tlen += i; 1.405 +- EVP_DecodeFinal(&EVP_ctx, text, &i); 1.406 ++ EVP_DecodeFinal(enc_ctx, (unsigned char *) text, &i); 1.407 ++ 1.408 ++ EVP_ENCODE_CTX_free(enc_ctx); 1.409 + 1.410 + *ret = text; 1.411 + if (rlen != NULL) 1.412 +@@ -1744,7 +1781,7 @@ static int lak_check_hashed( 1.413 + { 1.414 + int rc, clen; 1.415 + LAK_HASH_ROCK *hrock = (LAK_HASH_ROCK *) rock; 1.416 +- EVP_MD_CTX mdctx; 1.417 ++ EVP_MD_CTX *mdctx; 1.418 + const EVP_MD *md; 1.419 + unsigned char digest[EVP_MAX_MD_SIZE]; 1.420 + char *cred; 1.421 +@@ -1753,17 +1790,24 @@ static int lak_check_hashed( 1.422 + if (!md) 1.423 + return LAK_FAIL; 1.424 + 1.425 ++ mdctx = EVP_MD_CTX_new(); 1.426 ++ if (!mdctx) 1.427 ++ return LAK_NOMEM; 1.428 ++ 1.429 + rc = lak_base64_decode(hash, &cred, &clen); 1.430 +- if (rc != LAK_OK) 1.431 ++ if (rc != LAK_OK) { 1.432 ++ EVP_MD_CTX_free(mdctx); 1.433 + return rc; 1.434 ++ } 1.435 + 1.436 +- EVP_DigestInit(&mdctx, md); 1.437 +- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd)); 1.438 ++ EVP_DigestInit(mdctx, md); 1.439 ++ EVP_DigestUpdate(mdctx, passwd, strlen(passwd)); 1.440 + if (hrock->salted) { 1.441 +- EVP_DigestUpdate(&mdctx, &cred[EVP_MD_size(md)], 1.442 ++ EVP_DigestUpdate(mdctx, &cred[EVP_MD_size(md)], 1.443 + clen - EVP_MD_size(md)); 1.444 + } 1.445 +- EVP_DigestFinal(&mdctx, digest, NULL); 1.446 ++ EVP_DigestFinal(mdctx, digest, NULL); 1.447 ++ EVP_MD_CTX_free(mdctx); 1.448 + 1.449 + rc = memcmp((char *)cred, (char *)digest, EVP_MD_size(md)); 1.450 + free(cred);